Employers with operations in Europe should note a recent decision from Greece’s Hellenic Data Protection Authority (HDPA), which fined PwC 150,000 euros—approximately US$164,721—for improperly citing employee consent as the legal basis for collecting, storing or transmitting workers’ personal information.
Under European Union (EU) law, people with weaker standing in a given situation, such as in an employer-employee relationship, cannot truly provide consent if they may suffer negative consequences by refusing. Therefore, the employees in question did not give consent as required under the General Data Protection Regulation (GDPR), and the employer’s use of their data was illegal.
“Consent of data subjects in the context of employment…
Credit to Dinah Wisenberg Brin for the original post.